/**
 * @projectName CollegeEmploymentNetwork
 * @package com.kzj.CollegeEmploymentNetwork.shiro.realms
 * @className com.kzj.CollegeEmploymentNetwork.shiro.overrides.MyAuthorizingRealm
 * @copyright Copyright 2025 Thunisoft, Inc All rights reserved.
 */
package com.kzj.CollegeEmploymentNetwork.shiro.overrides;

import javax.annotation.PostConstruct;

import org.apache.commons.lang.ObjectUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.kzj.CollegeEmploymentNetwork.exception.ClientException;
import com.kzj.CollegeEmploymentNetwork.shiro.enums.UserStatusEnum;
import com.kzj.CollegeEmploymentNetwork.shiro.enums.UserTypeEnum;
import com.kzj.CollegeEmploymentNetwork.shiro.pojo.ShiroUser;
import com.kzj.CollegeEmploymentNetwork.shiro.pojo.po.User;
import com.kzj.CollegeEmploymentNetwork.shiro.server.IUserService;


/**
 * MyAuthorizingRealm
 * @description
 * @author KZJ
 * @date 2025/1/23 20:45
 * @version TODO
 */
@Component
public class MyAuthorizingRealm extends AuthorizingRealm {
    @PostConstruct
    private void postConstruct(){
        SecretFreeAbleCredentialsMatcher matcher=new SecretFreeAbleCredentialsMatcher();
        matcher.setHashAlgorithmName("md5");
        matcher.setHashIterations(1024);
        this.setCredentialsMatcher(matcher);
    }
    @Autowired
    IUserService userService;
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        User user = userService.queryUserByUsername(ObjectUtils.toString(authenticationToken.getPrincipal()));
        if(user==null)
            throw new ClientException("用户不存在");
        if(UserStatusEnum.DISABLED.is(user.getStatus()))
            throw new ClientException("用户已禁用,无法登录");
        if(passPasswordCheck(user))
        {
            return new SecretFreeAbleAuthenticationToken(true,user.getUsername(),user.getPassword(),this.getName());
        }
        return new SecretFreeAbleAuthenticationToken(user.getUsername(),user.getPassword(), ByteSource.Util.bytes(user.getSlat()),this.getName());
    }
    private boolean passPasswordCheck(User user){
        if(UserTypeEnum.CANDIDATE.is(user.getType())||UserTypeEnum.RECRUITER.is(user.getType()))
            return true;
        return false;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        ShiroUser user = userService.queryShiroUserByUsername(ObjectUtils.toString(principalCollection.getPrimaryPrincipal()));
        SimpleAuthorizationInfo simpleAuthorizationInfo=new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRoles(user.getRoles());
        simpleAuthorizationInfo.addStringPermissions(user.getPermissions());
        return simpleAuthorizationInfo;
    }
}